From: "Scott Lampert"
Delivered-To: freebsd-questions@freebsd.org
Subject: Bridging issue
Date: Fri, 26 Oct 2001 12:51:41 -0700
Message-ID: <009001c15e57$a22676c0$07faa8c0@zeppelin>

I sent this question to -security last week and garnered not a single response, so I hope that maybe I'll have better luck here.

I have a box I've set up as a bridging firewall with ipfw on 4.4-RELEASE. It has 3 interfaces - two are bridged, without IP addresses, and the third has an IP address and is connected to the inside network. Basically it looks like this:

 +----------+
 | Internet |
 +-*--------+
   | 192.168.1.1/24
   |
   |
   | bridge outside if
+--*------------+
|               |192.168.1.2/24
| Firewall Box  *-------+
|               |       |
+--*------------+       |
   | bridge inside if   |
   |                    |
   |                  +-+-------+         +---------------+
   +------------------| Switch  |---------| other systems |
                      +---------+         +---------------+

I hope the poor ascii art helps rather than hinders. :)

In any event, I've noticed after running the firewall for a few hours that I start getting the following messages in my dmesg output:

arp: 00:aa:bb:cc:dd:ee is using my IP address 192.168.1.2!
xx ouch, bdg_forward for local pkt

The box is complaining about that third interface having its IP. It looks like it doesn't realize that the interface belongs to itself. Is this normal behavior or have I misconfigured something? Do I need to add the third interface to the bridge configuration somehow?

This exact configuration runs without any complaints under OpenBSD 2.9; however, for various reasons I'd prefer to run FreeBSD on this box. If more information is required I'd be more than happy to provide it.

Thanks,
-Scott